Jaws - coming soon - testers and advice wanted

ke.han <>
Mon Feb 20 15:21:00 CET 2006


Sounds great Joe!!! gotta have a copy when your ready.
I am just starting a process of building a framework based on the 
experience of a just finished mid-sized ajax/json/yaws/erlang/mnesia app.
I am in the design phase of pulling together all the utils and 
fragmented metadata I wrote for the app into a cohesive and simple MVC 
framework.
I am canvasing all the latest erlang code base for inclusion and 
influence...including Ulf's plain_fsm and (awaiting) rdbms and various 
ajax andf json patterns.
My primary goal is to build a high level framework which formalizes the 
interaction of injecting a controller into a view and having the view 
contain metadata of the client/server interaction separate from the view 
layout/content.  The idea is that the controller and domain objects 
(referenced via the controller and metadata interactions) are each 
plain_fsm "objects" that use "receive parse transforms" to allow the 
domain and controllers to "inherit" accessor, event and other framework 
behaviors.
If this ramble makes no sense, hopefully, my first few sets of example 
code will ;-).
But the important thing is I would love to study how to include your 
ideas with an open mind to transform my own into something better.
These next 4 weeks are crucial for me as its my only time to spend 100% 
of my energy on getting this framework bootstrapped. (yes, I plan to 
open source the whole thing).
thanks for the heads up!!
ke han


Joe Armstrong (AL/EAB) wrote:
> No - javascript is executed on the client - never the server. Nothing 
> you can do on the client can damange the sever
> *provided* the server code is safely compiled.
>  
> I guess I omitted to say that in my "safe" mode of compilation 
> *everything* is compiled with a safety wrapper (ie including
> BIFs) - thus
>  
>     apply(M, F, A) is transformed to safe:do(erlang, apply, [M,F,A])
>  
> and
>    
>    list_to_atom(X) to safe:do(erlang, list_to_atom, [X])
>    
>    Then safe:do/3 can be written with any policy you like - to enable or 
> disable more or less risky operations
>  
> /Joe
>  
> 
>     ------------------------------------------------------------------------
>     *From:* 
>     [mailto:] *On Behalf Of *Alex Arnon
>     *Sent:* den 20 februari 2006 12:49
>     *To:* 
>     *Subject:* Re: Jaws - coming soon - testers and advice wanted
> 
>     Could the Javascript apply(...) binding cause new atoms to be
>     created? In that case, wouldn't that constitute a security hazard?
> 




More information about the erlang-questions mailing list